1. Introduction
CryptoMD ("we," "our," or "the Platform") is an enterprise-grade Mobile Device Management (MDM) platform designed for authorized corporate device management, parental monitoring, and fleet device administration. This Privacy Policy describes how we collect, use, store, and protect information when you use our services.
By using CryptoMD, you acknowledge that you have read, understood, and agree to the practices described in this policy.
2. Scope of Services
CryptoMD provides the following MDM capabilities for authorized administrators only:
- Employee Device Management (EDM) — Corporate-owned device monitoring and policy enforcement
- Parental Control — Child safety monitoring with parental consent
- Corporate Fleet Management — Multi-device administration for enterprise environments
- BYOD Policy Enforcement — Bring Your Own Device compliance monitoring
3. Information We Collect
3.1 Account Information
- Username and encrypted password
- Email address (optional, for notifications)
- Subscription and billing information
3.2 Device Information (Managed Devices Only)
The following data is collected only from devices enrolled by authorized administrators with proper consent:
- Device identifiers (model, OS version, serial number)
- Network information (Wi-Fi, cellular connectivity status)
- Application inventory and usage statistics
- Location data (when enabled by administrator policy)
- Communication logs (call logs, SMS metadata)
- Screen captures (when enabled by administrator policy)
- Audio recordings (when enabled by administrator policy)
- Keystroke logs (when enabled by administrator policy)
- Device notifications (when enabled by administrator policy)
3.3 Usage Data
- Platform access logs and session information
- Feature usage statistics
- Error and performance metrics
4. Legal Basis for Data Collection
CryptoMD processes data under the following legal bases:
- Consent — Device owners or legal guardians provide explicit consent before enrollment
- Legitimate Interest — Corporate device management for business security and compliance
- Contractual Obligation — Providing MDM services as agreed in the Terms of Service
- Legal Compliance — Meeting regulatory requirements for data security
5. Consent Requirements
CryptoMD requires the following consent before device enrollment:
- Corporate Devices: Written employee notification that company-owned devices are managed and monitored
- Parental Control: Parent or legal guardian must be the account holder; monitoring is limited to minor children
- BYOD: Explicit written consent from the device owner before enrollment
Unauthorized surveillance is strictly prohibited. Administrators are solely responsible for obtaining proper consent and complying with applicable laws.
6. Data Storage and Security
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Device data is stored primarily on the managed device itself
- Server-side data is stored in secure, access-controlled databases
- Automated data retention policies with configurable expiration
- Regular security audits and vulnerability assessments
7. Data Retention
Data retention periods are determined by the administrator's subscription tier:
- Scout tier: 7 days
- Shadow tier: 30 days
- Phantom tier: 90 days
Account data is retained for 30 days after account deletion, then permanently removed.
8. Data Sharing
We do not sell, rent, or share personal data with third parties, except:
- When required by law or valid legal process
- To protect our rights, safety, or property
- With your explicit consent
- With payment processors for billing purposes (no device data is shared)
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — Request a copy of your personal data
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Portability — Request your data in a portable format
- Objection — Object to specific data processing activities
- Withdrawal of Consent — Withdraw consent at any time by unenrolling the device
10. Children's Privacy
CryptoMD's Parental Control feature is designed to help parents monitor minor children's device usage. Only a parent or legal guardian may enroll a minor's device. We do not knowingly collect data from children without parental consent.
11. International Data Transfers
Data may be processed in jurisdictions outside your country of residence. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email. Continued use of the Platform after changes constitutes acceptance.
13. Contact Information
For privacy-related inquiries, data requests, or concerns:
- Email: privacy@cryptomd.uz
- Website: https://cryptomd.uz